monthly-to-annual

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The workflow ingests outsider-authored free text via Step 3 “Slack — customer channel + DMs” (searching in:#posthog-<customer-slug> and recent DMs) and Step 3 “Granola — meeting transcripts” (customer meeting transcripts), which are then read and summarized into the LLM context for the briefing/draft.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly instructs runtime fetching of external content (e.g., the PostHog handbook URL posthog.com/handbook/growth/sales/contract-rules and customer blogs via Exa web_fetch_exa) which would be incorporated into and can directly alter the agent's prompts/output, so it is a runtime external dependency that controls agent behavior.